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1.3.  COMPONENTS  AND  TERMINOLOGY  OF  THE  MMI 


The  EAGLE's  Man-Machine  Interface  (MMI)  is  made  of  a logo,  a toolbar 
including  three  modules  and  a workspace  changing  according  to  the 
selected  module.  The  diagram  below  illustrates  the  components  and  the 
terminology  used  by  the  MMI: 
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I w I I 


In  addition,  various  Status  message  can  be  displayed.  Their  colour  follows  a 
convention: 

> Green : requested  action  is  successful 


Matches  found 


> Yellow\  you  missed  an  action 
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2.2.  New  Interception  Manager  (NIM) 

The  "New  Interception  Manager  (NIM)"  module  contains  the  different 
Process  Folders  (OC,  GS,  NI  or  Uncatched)  allocated  to  you  by  your 
Superuser. 


EAGLE „ 

dmesgs^* 


/u\ 


New  Interception 
Manager  (NIM) 

' UNUNCATCHED 


Unread  interceptions 
|7  Opened  interceptions 
W Closed  interceptions 
Filter 


Selected  folder:  BIAT 


Search  Directives  | All  | All\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | 

Search  directives  for  "BIAT" 


Timestamp 

Note 

| 06/10/08  11:07:10 

I please  identifv  every  emplovee  fforn  this  bank 

Once  you  have  selected  a Process  Folder,  you  can  hide  the  modules 
by  clicking  on  the  □ button,  to  enlarge  your  workspace. 
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2.2.1.  Search  Directives  Tab 

The  "Search  Directives " tab  list  chronologically  the  orders  coming  from  the 
Superuser  for  each  Process  Folder.  They  include  a "Note"  and  the 
"Timestamp"  (date  and  time)  of  its  emission. 

Search  Directives  | All  | All\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | I 


Search  directives  for  "BIAT" 


| Timestamp 

Note  | 

I 06/10/08  11:07:10 

please  identifv  everv  emplovee  from  this  bank 

1 

Selected  folder:  BIAT 


^ Check  regularly  the  "Search  Directives"  to  be  up-to-date  of  the 
Superuser's  orders. 
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2.2.2.  Pre-classified  interception  Tabs 

The  pre-classified  interception  tabs,  "All",  "AII\Http"  (all  interceptions  except 
Http),  " Mail ",  " VoIP ",  " Chat ",  " Search  Engine",  "Http"  and  " Transfer " list  the 
interceptions  by  category. 

Search  Directives  All  | All\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | U 

| All  categories  ^ | 


All  in  BIAT 


l-*<l  < I Page  8 


Timestamp 

Category 

Relevance  Note 

Detail 

Zero 

Morij  10  Nov  08  11:53:53  +0000 

Webmail 

no  interest 

elyes.benrayana@biat. . . 

\ 

Poor 

Mon,  10  Nov  08  11:04:34  +0000 

Webmail 

mounir.jouini@biat.c. . . 

\ 

Zero 

Mon,  10  NOV  08  10:18:29  +0000 

Webmail 

empty 

bactamouna@yahoo.fr 

\ 

Zero 

Mon,  10  Nov  08  10:17:18  +0000 

Webmail 

empty 

bactamouna@yahoo.fr 

s 

Zero 

Mon,  10  Nov  08  09:10:01  +0000 

Webmail 

empty 

Zero 

Mon,  10  NOV  08  09:07:49  +0000 

Webmail 

empty 

skanders@biat.com.  tn 

Zero 

Mon,  10  Nov  08  08:07:07  +0000 

Webmail 

empty 

Zero 

Sun,  09  Nov  08  21:10:03  +0000 

Webmail 

empty 

mounir.jouini@biat.c... 

Zero 

Sun,  09  NOV  08  20:51:36  +0000 

Webmail 

empty 

mounir.jouini@biat.c. . . 

\ 

Zero 

sun,  09  NOV  08  07:40:31  +0000 

Webmail 

empty 

ghraieb@yahoo.fr 

\ 

Poor 

Sun,  09  Nov  08  07:03:32  +0000 

POP3 

empty 

trimeche_kamel@yahoo. . . 

Selected  folder:  BIAT 


Some  of  the  tabs  have  a drop-down  list  to  refine  the  selection  as  described 
in  the  table  below: 


All 


AII\Http 


Mail  VoIP  Transfer 


IMAP 

[volP/SIG 

Telnet 

POP3 

i VolP/RTP 

FTP  1 

SMTP 

IVolP 

Webmail 
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2.2.3.  Search  Function 


The  "Search"  function  is  a text  search  engine  that  can  help  you  to  minimize 
the  time  required  to  find  valuable  information,  and  the  amount  of 
interceptions  which  must  be  consulted. 

Once  a search  is  done,  automatically,  a new  tab  will  be  created  as  shown 
below,  allowing  you  to  work  on  it  or  to  refine  your  search.  When  finish,  click 
on  the  Close  tab  button  y to  close  a Search  result  tab. 


EAGLE „ 

dmpsgs^* 


| asma.bouabid  and  aida.segni 


=$*= 


F?  Unread  interceptions 
W Opened  interceptions 
W Closed  interceptions 
Filter 


Selected  folder:  BIAT 


Search  Directives  | All  | AII\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer 


ibinAll  | 


Search  in  BIAT 


Looking  for  "asma.bouabid  and  aida.segni"  in  All 


Category  Relevance  Note 


Tue,  13  Jan  09  16: 15: 18  +0000 


Tue,  13  Jan  09  16:10:59  +0000 


Webmail 

ayachihabib@yahoo.ff 

\ 

Webmail 

maherbenaissa@yahoo. . . . 

\ 

Page  1 


E 


^ The  "Search"  function  uses  a list  of  common  words  that  are  not 
indexed  such  as  for  example  "of"r  "the"f  "is"  and  so  on. 
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2.2.4.  Filter  Function 

An  interception  can  have  various  statuses: 

> " Unread " until  any  operator  open  it  for  the  first  time 

> "Opened"  when  it  has  been  opened  but  does  not  have  " Relevance 

note" 

> " Closed " when  any  operator  attributes  to  it  " Relevance  note"  (Zero, 
Poor,  Good  or  Very  good). 


With  the  " Filter " function,  you  can  filter  interceptions  according  to  their 
current  status.  For  example,  below  are  displayed  only  "Opened"  and 
" Closed " interceptions. 


EAGLE 


Search 

r 


Search  Directives  Al  | AII\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | 
| All  categories 


Filter  — 

I-  Unread  interceptions 
W Opened  interceptions 
W Closed  interceptions 


All  in  BIAT 


Filter 


Timestamp 

Category 

Relevance  Note 

Detail 

Open 

Thu,  22  Jan  09  15:08: 19  +0000 

Webmail 

chaffai.faten@gmail. . . . 

\ 

Open 

Thu,  22  Jan  09  14:27:18  +0000 

Webmail 

chaffai.faten@gmail. . . . 

Open 

Thu,  22  Jan  09  13:45:42  +0000 

Webmail 

asma.bouabid@biat.co... 

Open 

Thu,  22  Jan  09  10:34:47  +0000 

Webmail 

bactamouna@yahoo.ff 

x 

Open 

Thu,  22  Jan  09  10: 1 1 : 55  +0000 

Webmail 

chaffai.faten@gmail. . . . 

> 

Zero 

Thu,  22  Jan  09  09:56:06  +0000 

Webmail 

PDF 

asma.bouabid@biat.co... 

\ 

Zero 

Thu,  22  Jan  09  07:58: 15  +0000 

Webmail 

PDF 

asma.bouabid@biat.co... 

> 

Page  1 


E 


Selected  folder:  [ BIAT 
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2.2.5.  Graph+  (only  for  OC) 

In  the  case  of  an  "Open  Case"  (OC)  Process  Folder,  EAGLE  system  creates  a 
"Graph+"  chart  automatically,  using  information  from  every  interception. 
The  " Graph+ " is  a graphical  tool  designed  to  display  and  to  analyze  the 
intelligence  relating  to  an  investigation  in  a visual  form.  It  supports  you  in 
your  analysis,  helping  to  navigate  through  large  networks  of  data  and 
discover  underlying  interconnections  quickly. 


Click  the  "Graph+"  button.  A new  tab  called  " G ra ph " appears: 


EAGLE 


Search 


Search  Directives  | All  | All\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer 


Graph  j 


Graph  in  BIAT  (Simplified) 


Selected  folder: 


Switch  to  full  view 


BIAT 


When  finish,  click  on  the  Close  tab  button  to  close  a "Graph"  tab. 
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From  the  Graph+,  you  can: 

> Center  the  chart  on  a particular  ID  or  suspect  by  clicking  on  it  and 
then  on  the  "Center"  button. 

> Remove  an  uninteresting  node  by  clicking  on  it  and  then  on  the 
" Remove " button.  The  " Switch  to  full  view"  button  allows  you  to 
display  every  node,  even  the  previously  removed  ones. 

The  colour  of  the  nodes  follows  a convention: 


Colour 

Descríption 

Example 

Green 

IDs  from  automatic 
extract 

Blue 

Suspects 

Grey 

Removed  IDs 

sw  ift@|  iby  ama  r c o m 

By  clicking  on  a Suspect  node,  you  can  access  to  the  Suspect  information's: 
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EAGLE  ^ 


:h  Directives  | All  | AII\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | Graph  BACCOUCHE  | 


LiliH.lllml.ni.-lUi 


Nickname: 

Real  firstname 
Real  name 
Primary  Language: 
Priority: 


MAIL  EMAIL_ADDR 

MAIL  EMAIL_ADDR 


***** 


Suspect  BACCOUCHE 


BACCOUCHE 

Mouna 

BACCOUCHE 

French 

9 


bactamouna@yahoo.fr 

mouna.baccouche@biat.com.tn 


Ú 


Selected  folder:  BIAT 
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2.2.6.  Suspects  (only  for  OC) 

In  the  case  of  an  "Open  Case"  (OC)  Process  Folder,  you  can  directly 
visualize  only  connections  between  suspects. 

Click  on  the  "Suspects"  button.  A new  tab  called  " Suspects " appears  as 
shown  on  the  picture  below: 


When  finish,  click  on  the  Close  tab  button  U to  close  a "Suspects"  tab. 
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As  for  the  Graph+,  by  clicking  on  the  link  between  suspects,  you  can  directly 
visualize  their  communications: 


EAGLE 

. dmps>ys> 


I*  Unread  interceptions 
R Opened  interceptions 
W Closed  interceptions 
Filter | 


♦ ÚH 

Search  Directives  | All  | All\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | Suspects  Link  j 


Link  between  suspect  ALNIHWI  and  suspect  BIAT  Bank  Support  in  BIAT 


l-*«l  ■*  I Page  1 [V] 


Status  S 

Timestamp 

Category 

Relevance  IMote 

Detail 

Unread 

Thu,  22  Jan  09  10:50:44  +0000 

POP3 

banksupport@biat.com... 

\ 

Unread 

Thu,  22  Jan  09  10:50:44  +0000 

POP3 

banksupport@biat.com... 

\ 

Unread 

Thu,  22  Jan  09  10:50:44  +0000 

POP3 

banksupport@biat.com... 

\ 

Unread 

Thu,  22  Jan  09  10:40:51  +0000 

POP3 

banksupport@biat.com... 

Unread 

Thu,  22  Jan  09  10:40:51  +0000 

POP3 

banksupport@biat.com... 

A 

Unread 

Thu,  22  Jan  09  10:40:51  +0000 

POP3 

banksupport@biat.com... 

A 

Unread 

Thu,  22  Jan  09  10:40:51  +0000 

POP3 

banksupport@biat.com. . . 

\ 

I I •*  I Page  1 [V] 


Selected  folder:  BIAT 


When  finish,  click  on  the  Close  tab  button  Q to  close  a "Link"  tab. 
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2.2.7.  No-Interest  popup 


At  any  time,  you  can  report  uninteresting  IDs  to  your  Superuser  through 
the  "No-Interest"  popup. 

Move  the  mouse  over  the  " No-Interest  (Mouse  here  to  focus)"  title  at  the 
top  of  the  workspace  to  display  the  popup  window. 

From  the  drop-down  lists,  select  respectively  the  type  of  ID  (email  address, 
Phone  number  or  ISP  account),  the  operator  (=,  BEGINS_WITH  or 
ENDS_WITH)  and  type  the  appropriate  ID  in  the  text  box. 


E AG  L E 

dmps>gs>  %• 


Search  Directives  Al  | All\Http  | Mail  | VoIP  | Chat  | SearchEngine  | Http  | Transfer  | 

4-* 


Interception 


Send  the  followinq  ID: 


Email  address 


agence.protection.seivice@gmail.com 


Seni 


Unique  identifier 
Type 
Category 
Date 

Transcoding  status 
TCP  Informations 


From: 

To: 


0000001e766f4912520000fffd3e0100 

Mail 

Webmail 

Thu,  15  Jan  09  20:46:09  +0000 
Not  transcoded 

87.248.110.33:80  ->  41.252.52.159:1269 


Technical  specific  data 


abi.assur@planet.tn,  albaraka@topnet.tn,  ami.ass@planet.tn,  ami.sousse@wanadoo.tn,  aontunisia@aon.com. tn,  arco@topnet.tn,  ass.salim@planet.tn, 
becha.benamar@gnet.tn,  commercial.hulti@planet.tn,  contact@dzeta.com. tn,  contact@egb.com. tn,  contact@utarcourtage.com,  coris@gnet.tn, 
cotunace.ddc@email-ati.tn,  cotunace2@email.ati.tn,  courrier@astree.com.tn,  ctama@planet.tn,  dg.comar@planet.tn,  dg@hayett.com.tn, 
dgen@carte.com. tn,  dir.generale.firstinsurance@planet.tn,  essaraya@planet.tn,  esthe.deco@planet.tn,  fatwassi.guenaoui@planet.tn, 
fhamdani@webmails.com,  gat@gat.com. tn,  general@assurancesbiat.com. tn,  general@bestretn.com. tn,  gepar.amel@gnet.tn,  globalassurance@gnet.tn, 
globalassurance@topnet.tn,  grassavoye.t@planet.tn,  imed.taktak@planet.tn,  info@assurcredit.com.tn,  info@gescoassur.com,  interassur@planet.tn, 
jallouli.uga@tunet.tn,  jelifi.safi@topnet.tn,  khalilhammami@tunet.tn,  khemaismidassi@yahoo.fr,  lloyd.sousse@gnet.tn,  mae.assurances@planet.tn, 
magassur@magassur.com. tn,  manai@arab-african-brokers.com,  mansourzekri@planet.tn,  marketing@revelon.com,  marsh.tunisia@gnet.tn, 
matech@planet.tn,  metalua@gnet.tn,  mnet-tunisie@wanadoo.tn,  mones@vatvedt.com,  msa.louati@planet.tn,  multitech@planet.tn, 
office.avustunisie@gnet.tn,  pavillonchristofletunis@planet.tn,  pro_assur@yahoo.fr,  protectinsre@yahoo.fr,  protectrice.nabeul@wanadoo.tn, 
protectrice.sousse@wanadoo.tn,  protectrice.tunis@wanadoo.tn,  ridene@planet.tn,  saecon.courtage@gnet.tn,  saidanimounir@gmail.com, 
sarahouer@yahoo.fr,  sea@topnet.tn,  seca@gat.com. tn,  sesame@planet.tn,  sihem.najah@ksninteriordesign.com,  simcar@gnet.tn, 
smd.herve@wanadoo.tn,  socaraon@gnet.tn,  socartun@wanadoo.tn,  socoass@planet.tn,  spacium_tn@yahoo.fr,  staba.tech@hotmail.fr, 
taoufik.sas@hotmail.com,  tarek.tebessi@yahoo.fr,  tc@gnet.tn,  temimi_meriem@yahoo.fr,  troudiabd@topnet.tn,  tu.firstinsurance@planet.tn,  tunis- 

— 


liua 


window  (printer-friendly) 


d 


ISPJD 

LANG 


wisam2mi 

Norwegian 


|From: 

Unknown  (see  above) 

To: 

Unknown  (see  above) 

Display  mail  in  a separate 

SOCIÉTÉ  APS 

www.ap-securite.com 

Selected  folder:  BIAT 


Click  the  "Send  ..."  button  to  send  your  suggestion  to  the  Superuser.  A 


confirmation  message  is  displayed: 
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2.2.8.  Warnings  popup 

The  "Warnings"  popup  window  is  an  information  area  alerting  you  when  at 
least  one  new  interception  is  available  in  any  of  your  OC  Process  Folders. 


EAGLE 

.'U dmesgsf* 


Search  Directives  | All  | Al\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | 

Search  directives  for  "BIAT 


I 06/10/08  11:07:10 


| please  identifv  everv  emplovee  from  this  bank 


tá 


Selected  folder:  BIAT 


In  addition,  a window  is  regularly  displayed: 
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£eagle. 


Geolocalizationpopup 


Junk  omail  Reporting  button- 


Content  of  the  interception 


Searc  1 Directi'  es 


All  | All\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | 


Filter 

W Unread  interceptions 
W Opened  interceptions 
W Closed  interceptions 
Filter 


Interception  (Open) 


Unique  identifier 
Type 
Category 
Date 

Transcoding  status 
TCP  Informations 


0000000afb764913430000d70e540300 

Mail 

Webmail 

Thu,  22  Jan  09  10:36:24  +0000 
Not  transcoded 

64.233. 1,R3.R3:R0  ->  41 .25?. 5. 64:3069 


From: 

To: 

asma. bouabid@biat.com.  tn 
chaffai.faten@amail.com  w 

Subject: 

Envoi  d'un  message  : tyndfb45sb< 

RelevanceNote— 


Open  transcríption  - 


Selected  folder:  BIAT 


► Open  Transcription 
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3.2.1.  Technical  Data 

Every  interception  will  have  a " Technical  Data"  table  as  the  one  shown 
below: 


Technical  data 

Unique  identifier 

0000000afb7649131000001703600300 

Type 

Mail 

Category 

POP3 

Date 

Thu,  22  Jan  09  10:50:44  +0000 

Transcoding  status 

Not  transcoded 

TCP  Informations 

65.254.250.100:110  ->  41.252.121.127:1142 

> Unique  identifier 

a unique  hexadecimal  number  which  is  assigned  by  EAGLE  to  identify  an 
interception 

> Type  and  Category 

Classification  of  the  interception 

> Date 

Accurate  date  and  time  of  the  interception  expressed  in  UTC 
(Coordinated  Universal  Time)  time  standard. 

> Transcoding  status 

Only  VoIP  communications  need  Transcoding. 

> TCP  Informations 


xx. xxx. 250.1 
00 

110 

> 

xx. xxx. 121.1 
27 

1142 

From 

To 

IP  address 

Port 

IP  address 

Port 

In  addition,  by  moving  the  mouse  over  every  IP  address,  a Geolocalization 
popup  window  appears  with  the  accurate  coordinates: 


Technical  data 

Unique  identifier 

0000000afb7649131000001703600300 

Type 

Mail 

Category 

POP3 

Date 

Thu,  22  Jan  09  10:50:44  +0000 

Transcoding  status 

Not  transcoded 

TCP  Informations 

65.254.250.100:110  ->  41.252.121.127:1142 

‘IP:  65.254.250.100 
City:  Burlington 
Country:  United 
States  (US) 

Region:  MA 
Latitude:  42.5051 
Lonqitude:  -71.2047 
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Unique  identifier 

0000002cale04820030000c0df0b0000 

Type 

Mail 

Category 

POP3 

Date 

Wed,  17  Dec  08  21:47:24  +0000 

Transcoding  status 

Not  transcoded 

TCP  Informations 

66.220.20.50:110  ->  88.202|49.6:54774 

'IP:  88.202.49.6 
City: 

Country:  Satellite 
Provider  (A2) 
Region: 

Latitude:  0 
Longitude:  0 
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3.2.2.  Technical  Specific  Data 

Every  interception  will  have  a " Technical  Specific  Data"  table  but  the  fields 
can  be  different: 


Technical  specific  data 

Caller 

sherefanovt@194.221. 62. 198 

Callee 

2235136007@194.221. 62. 198 

Call  duration 

16ml6s 

End  status 

COMPLETED 

For  further  details,  please  see  the  paragraphs  dedicated  to  each  category  of 
interceptions. 


3.2.3.  Extra  Data 

For  every  interception,  EAGLE  system  extract  automatically  some 
interesting  data  from  the  content  itself  such  as  email  address,  telephone 
number  and  ISP  ID. 

The  result  appears  in  the  " Extra  data" table: 


EMAIL_ADDR 

zitounissam@yahoo.fr 

EMAIL_ADDR 

ZAGHSA@yahoo.fr 

EMAIL_ADDR 

riadh.akaichi@laposte.net 

EMAIL_ADDR 

hazaramoudi@yahoo.fr 

EMAIL_ADDR 

aboudriga@yahoo.fr 

LA.NG 

French 

EMAIL_ADDR 

mejdee@yahoo.fr 

EMAIL_ADDR 

ghariani_abdelaziz@yahoo.fr 

EMAIL_ADDR 

ChefAg.mednine@stb.com.tn 

EMAIL.ADDR 

benmhamed.ahmed@afc.fin.tn 

EMAIL_ADDR 

nader.boujnah@laposte.net 

EMAIL_ADDR 

rabtifa@fastmail.fm 

EMAIL_ADDR 

latifa.rabai@isg.rnu.tn 

EMAIL_ADDR 

mo_fakh@hotmail.com 

EMAIL_ADDR 

alanaib@yahoo.fr 

EMAIL_ADDR 

khalil . attia@biat.  com . tn 

EMAIL_ADDR 

n_lahiani@yahoo.fr 

EMAIL_ADDR 

fares.zayani@biat.com.tn 

EMAIL_ADDR 

bellagha.oussama@cil.fin.tn 

EMAIL_ADDR 

aida.segni@gmail.com 

EMAIL_ADDR 

boumedien.  amin@apbt.org.  tn 

EMAIL_ADDR 

sebai_slim@yahoo.fr 

EMAIL_ADDR 

hatemmili@yahoo.fr 

EMAIL_ADDR 

hanentendresse@yahoo.fr 

ISP_ID 

mottaheda 

EMAIL_ADDR 

charaf.trimech@voila.fr 

EMAIL_ADDR 

azmi.bouali@bte.com.tn 

EMAIL_ADDR 

anouar.mans@yahoo.fr 

EMAIL_ADDR 

benamar.amin@yahoo.fr 

EMAIL_ADDR 

chefag.zarzis@stb.com.tn 

EMAIL_ADDR 

jebnounmedridha@yahoo.fr 

EMAIL_ADDR 

laadhar.olfa@yahoo.fr 

EMAIL_ADDR 

ben_amor_makram@yahoo.fr 

EMAIL_ADDR 

chedlann@gmail.com 

The  extra  data  supports  you  in  your  analysis,  helping  to  report  every 
interesting  IDs  for  improvement  of  further  interception. 
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3.2.5.  Transcription 


You  must  associate  to  each  interception  ranked  as  "Good"  or  " Very  Good"  a 
transcription. 

Click  on  the  " Open  Transcription"  link  at  the  end  of  each  interception  page. 
A " Transcription " page  opens,  similar  to  the  one  below: 


EAGLE 

dmes.gE>1 


Search 

I 


Selected  folder:  BIAT 


W Unread  interceptions 
W Opened  interceptions 
W Closed  interceptions 
Filter | 


Search  Directives  Al  | AII\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | 


Transcription  for  Interception 
0x0000000afb76491300000035e78b0400  (POP3) 


No  transcription  available  for  this  interception  for  the  moment  jlHS 

Summary 

|Conference 

B / U A8€  ^ M ^ ^ 

| -•  S tyles  --  - i Paraqraph  ■»  | 

:=  }=  | W *)  \ 

o»  ± J ® 

cíl  I -1 1 1 K J T 

1 — ^Hl  x'  1 n 

• Maha  CHAIEB,  progra  coordinator,  maha.chaieb@msb-online.org,  Tel:  21671961333 

• Ahmed  RJIBA  ahmed. ijiba@atb.com. tn 

• Ali  MENCHARI  menchariali@yahoo.fr 

• Dr  Richard  WRIGHT 

Qperational  Summarv : 

Invitation  on  a conference  titled  "Asia's  New  Giants:  China  versus  India"  that  will  occur  on  the  4th  of  February  2009  at  07:00PM,  at  the  Mediterranean  School  of  Business. 
The  conference  will  be  conducted  by  the  Dr  Richard  WRIGHT,  from  the  Anderson  School  at  UCLA. 


Create... 


A typical  transcription  includes: 

> A list  of  " Named  Entities"  such  as  names,  geographic  places  ... 

> A complete  "Translation"  of  any  written  text  or  a complete 
transcription  and  translation  (if  needed)  of  any  voice 
communication 


EAGLE  GLINT  - OPERATOR  MANUAL 


3.3.  Categories  of  Interception 
3.3.1.  Mail 

Below  is  a typical  "Technical  Specific  Data " table  in  the  case  of  a Mail 
interception: 


Technical  specific  data 


From:  info@aljoman-logistics.com 

To:  gunay@sns-international.com,  honal@turkloydu.org,  info@aljoman-logistics.com,  info@ihtlibya.com,  info@libyanspider.com,  info@searouteffeight.com, 

info@tegerhyshipping.com,  infocenter@ctt.gov.ly,  jale@sns-international.com,  janina.tasto@lplogistics.de,  jeanlouis.checa@gmail.com, 
joerg.himmalai@hbh-logistics.com,  kabdelrahman@bigdutchman.de,  kadir@sns-international.com,  khemais.kefi@planet.tn,  klaus.husmann@lplogistics.de, 
kuruoglu@kuruoglushipping.com,  l.ferrero@lplogistics.it,  lassetmngr@germashipping.net,  logistics@aljoman-logistics.com,  ludo.paris@altusholdings.com, 
maf_405@yahoo.com,  mahmoud.tawfik@ymail.com,  marine@yachtmarine.com,  marsb2007@yahoo.ff,  maxess@skynet.be,  medccly@yahoo.com, 
medhat.sherif@shell.com,  mio.bosnic@gmail.com,  mohkafala@yahoo.com,  murhag@gmail.com,  nabilfannoush@yahoo.com,  rainer.ehrenfeld@msec.ly, 
sales@searoutefreight.com,  eplg-logistics-base-supervisor@shell.com,  sherlala@ridats.com,  skoumengi@yahoo.com,  spekgun@turkloydu.org, 
sven.binder@lplogistics.de,  sven.speckmann@lplogistics.de,  thomas.senf@lpl-aircargo.de,  volker.miehe@lplogistics.de,  waarl955@yahoo.com, 
wieland.risse@lplogistics.de,  willsfij@gmail.com,  windtour@21cn.com,  y.madhun@gmail.com,  yeqianhi@gmail.com,  zippy@eunsan.co.kr, 
a.bagabir@alahli.com,  aadiguzel@turkloydu.org,  abb.srt@gmail.com,  abdelmenem.benali@wfp.org,  academyl@digigate.net,  agency@rashilal.com, 
ahenaid@hotmail.com,  alispak@yahoo.com,  almadar_insp@yahoo.com,  amohamedl966@yahoo.com,  avilys@wanadoo.ff,  avilysfrancoise@wanadoo.ff, 
maritimegroup@comcast.net,  avnei@wanadoo.ff,  basem.hlala@gmail.com,  beate.herrmann@lplogistics.de,  belgacem.raoudi@dqs.ma, 
biat63. tuniseljazira@biat.com. tn,  brigitte.hagemann@lplogistics.de,  bsavata@kolin.com.tr,  captainsulaiman@yahoo.com,  chemicals@leichem.com, 
chinatqs@public.wh.hb.cn,  chulshin@woojingl.com,  cihan@sns-international.com,  claudia.reinhold@lplogistics.de,  contazl@marfamar.com, 
crane_zolo@yahoo.com,  dinarvandy@germashipping.net,  dttrablus@yahoo.com,  efsunsarac@sns-international.com,  elmasasansor@gmail.com, 
farukkuru@kuruoglushipping.com,  fatma@sns-international.com,  fmkhalifa@yahoo.co.uk,  gaozit@yahoo.com.cn,  giffordcompany@aol.com 

Subject:  New  Year  Greeting 


From: 

To: 

Subject: 

Date 

Cher(e)  client(e) 


Attachment(s) 


Ack6429108787.pdf 


BIAT  service  SWIFT  <banksupport@biat.com.tn> 
swift@libyamar.com 

BAIT  AL  IZZ  GEN  TRDG  CO — OPT9002303 
Thu,  22  Jan  2009  11:42:58  +0100  (CET) 

Display  mail  in  a separate  window  (printer-friendly) 


Nous  avons  le  plaisir  de  vous  informer  que  le  message  Swift  de  paiement  portant  la 
référence  OPT9002303,  a été  émis  par  la  BIAT  le  22/01/2009. 


Veuillez  trouver  ci-joint  une  copie  de  ce  message  dont  nous  vous  souhaitons 
bonne  réception. 


Pour  toute  demande  d' informations  liée 
contacter  l'un  des  services  suivants  : 

* Opération  financiére  : 

Service  Assistance  Clientéle 
et  Investigation  Paiements 
Tel. : 00  216  71  131638 
Fax . : 00  216  71  334234 
E-mail:  banksupport0biat.com.tn 


á votre  opération,  nous  vous  invitons  á 


* Opération  commerciale  : 

Service  Développement,  Conseils 
et  Support  Clientéle 

Tel. : 00  216  71  131708 
Fax . : 00  216  71  131708 
E-mail:  tradesupport0biat . com. tn 


Ce  message  vous  est  adressé  en  tant  qu'adhérent  au  service  BIATSUIFT.  S'il  vous 
parvient  par  erreur,  merci  de  le  renvoyer  á banksupport0biat . com. tn. 
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3.3.2.  VoIP 

Below  is  a typical  "Technical  Specific  Data"  table  in  the  case  of  a VoIP 


interception: 


Technical  specific  data 

Caller 

sherefanovt@194.221. 62. 198 

Callee 

2235136007@194.221. 62. 198 

Call  duration 

16ml6s 

End  status 

COMPLETED 

3.3.3.  Chat 

Below  is  a typical  "Technical  Specific  Data"  table  in  the  case  of  a Chat 
interception: 


Technical  specific  data 


Login  erenbayraktar@hotmail.com 

[participants aslan.muhsin83@gmail.com 


CONTACTS 

Chat 

lll_blackjack_llll 

[Sat,  15  Nov  08  22:09:38  +0000]<aspartas01>  to  <mariam_likes_coffee> 

^J 

osaama_biiinJ4denl010 

no  again 

weiinak.habiibi 

[Sat,  15  Nov  08  22:09:40  +0000]<aspartas01>  to  <mariam_likes_coffee> 

sorayah_daykeh 

ok 

[Sat,  15  Nov  08  22:09:41  +0000]<mariam_iikes_coffee>  to  <aspartas01> 
ill  go  too 

[Sat,  15  Nov  08  22:09:55  +0000]<aspartas01>  to  <mariam_likes_coffee> 
ok  maybe  tomorrow  or  later  ok 

[Sat,  15  Nov  08  22:10:03  +0000]<aspartas01>  to  <mariam_likes_coffee> 
if  i finished  earlier 

_l 

[Sat,  15  Nov  08  22:10:04  +0000]<aspartas01>  to  <mariam_likes_coffee> 
ok 

[Sat.  15  Nov  08  22:10:12  +0000l<mariam  likes  coffee>  to  <asoartas01> 

^J 
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3.3.4.  Http 

Below  is  a typical  "Technical  Specific  Data"  table  in  the  case  of  a Http 


interception: 


Technical  specific  data  i 

Server 

pages.etology.com 

Request  #0 

URI 

/js2/55467.php 

3.3.5.  Search  Engine 

Below  is  a typical  "Technical  Specific  Data"  table  in  the  case  of  a Search 
Engine  interception: 


3.3.6.  Transfer 

Below  is  a typical  " Technical  Specific  Data"  table  in  the  case  of  a Transfer 
interception: 


Technical  specific  data 

Login 

Password 

Files  #0 

Filename 

/Nero  Web/Int_AIIFiles.info 

Filesize  (bytes) 

614 

Files  #1 

Filename 

/Nero  Web/Nero  7,vinf 

Filesize  (bytes) 

2116 

Files  #2 

Filename 

/Nero  Web/Nero  7/Cab/Int_AIIFiles.info 

Filesize  (bytes) 

123472 

Files  #3 

Filename 

/Nero  Web/Nero  7/Int_AllFiles.info 

Filesize  (bytes) 

2202 

Files  #4 

Filename 

/Nero  Web/Nero  7/Redist/Config/Int_AIIFiles.info 

Filesize  (bytes) 

79 

Files  #5 

Filename 

/Nero  Web/Nero  7/Redist/DirectX/Int_AllFiles.info 

Filesize  (bytes) 

533 

Files  #6 

Filename 

/Nero  Web/Nero  7/Redist/Int_AIIFiles.info 

Filesize  (bytes) 

396 

Files  #7 

Filename 

/Nero  Web/Nero  7/Setup/Int_AIIFiles.info 

Filesize  (bytes) 

1764 

Files  #8 

Filename 

/Nero  Web/Nero  7/Setup/fminf.fml 

Filesize  (bytes) 

85 

Files  #9 

Filename 

/Nero  Web/Patches/Int_AIIFiles . info 
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4.2.  EAGLE  Messages 

4.2.1.  Interception  locked  by  someone  else 

When  an  interception  is  opened  for  the  first  time  by  an  Operator  (you  or 
somebody  else),  its  current  Status  is  changed  for  " Open " and  a mechanism, 
called  Lock,  is  applied  for  enforcing  limits  on  its  access.  This  is  done  to 
avoid  concurrency  ranking  of  an  interception. 


EAGLE  „ 


Search  Directives  | All  | AII\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  | Graph  BACCOUCHE  | 


Interception  (Open) 


Unique  identifier 
Type 
Category 
Date 

Transcoding  status 
TCP  Informations 


0000002cale04820000000f6d50e0000 

Http 

Http 

Wed,  07  Jan  09  16:00:55  +0000 
Not  transcoded 

88.202.49.6:54119  ->  67.192.57.179:80 


ECHNICAL SPECIFIC  DATA 


Server 

URI 


www.fatafeat.com 

/new/todayonfatafeat.php 


Request  #0 


Interception  locked  by  someone  else 


Open  Transcription 


Selected  folder:  BIAT 


Then,  the  owner  of  the  Lock  become  the  "owner"  of  the  interception  and  all 
other  operators  will  have  a read-only  access  until  the  Lock  will  be  released. 
This  will  be  done  when  the  owner  of  the  Lock  will  rank  the  interception. 
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4.2.2.  At  least  2 suspects  are  needed,  sorry 


The  "Suspects"  tab  displays  only  connections  between  suspects.  You  obtain 
the  "At  least  2 suspects  are  needed,  sorry"  message  when  one  or  fewer 
Suspects  are  linked  to  your  current  OC  Process  Folder:  this  is  normal. 


5EAGLE 

dmesgs 


R Unread  interceptions 
I*  Opened  interceptions 
W Closed  interceptions 
Filter 


Selected  folder:  BIAT 




Search  Directives  | All  | AII\Http  | Mail  | VoIP  | Chat  | Search  Engine  | Http  | Transfer  Suspects  | 


If  you  report  new  IDs  through  the  "Named  Entities"  of  your  "Transcription" , 
your  Superuser  will  create  new  Suspects  and  linked  them  to  your  OC 
Process  Folder.  Then,  when  at  least  two  Suspects  will  be  linked  on  it,  you 
will  be  able  to  use  the  "Suspects"  tab. 
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4.2.3.  Too  many  nodes 


EAGLE 

. dmes>gs.f» 


Selected  folder:  HQl-annakoa 
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4.2.4.  Cannot  retrieve  mail 

Please  alert  your  Superuser  as  soon  as  possible. 


EAGLE ^ 

dmesgsf* 


Search  Directives  All  j AII\Http  | Mail  | VoIP  j Chat  | SearchEngine  | Http  | Transfer  | 


Interception  (Open) 


Relevance  note 


VeryGood 

1 

Good 

Poor 

Zero 

Open  Transcription 


Selected  folder:  BIAT 
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4.3.  Cases  Study 
4.3.1.  Junk  e-mail 

E-mail  spams,  also  known  as  Junk  e-mails,  are  identical  messages  sent  to 
numerous  recipients  by  e-mail.  Below  is  an  example  of  spam: 

From:  "Royal  Gambling  Club"  <epyuawi@colima.com> 

To:  <zack@zackbonugli.com> 

Subject:  Play  with  555  Euro  of  Royal  Club  Casino's  money! 

Date  Sat,  24  Jan  2009  20: 16: 34  +0900 

Display  mail  in  a separate  window  (printer-ffiendly) 

Play  with  555€  of  Royal  Club  Casino's  money! 

Yes  indeed,  Royal  Club  Casino  is  giving  away  its  money  and  today  it's  yourturn  to  get  some.  Open  an  account  with  Royal  Club  and  you  can  receive  up  to  555€  free!  So 
this  is  howitworks: 

First  deposit:  300%  bonus  worth  up  to  300€ 

Second  deposit:  100%  bonus  worth  up  to  100€ 

Third  deposit:  155%  bonus  worth  up  to  155€ 

Not  only  will  you  receive  this  royal  bonus,  butyou  will  also  getthe  widest  choice  of  realistic  and  exciting  games  available  on  the  market.  including  slots,  video  poker, 
roulette  and  blackjack. 

http://www.realwavecasi  no.com/ 

Getthe  Royal  treatmentyou  deserve! 


EAGLE  has  its  own  e-mail  spam  filtering  based  on  content-matching  rules 
which  are  applied  to  determine  whether  an  email  is  "spam"  or  " ham " (non- 
spam  messages).  Most  rules  are  based  on  regular  expressions  that  are 
matched  against  the  body  or  header  fields  of  the  message.  Usually  a 
message  will  only  be  considered  as  spam  if  it  matches  multiple  criteria. 


EAGLE's  spamfilter  tries  to  reinforce  its  own  rules.  Typically,  when  you 
attribute  a " Relevance  note"  you  feed  example  of  ham  (useful)  mails  to  the 
spamfilter: 


Mail  successfully  sent  to  the  hamfilter 


And  when  you  click  on  the  "This  is  spam,  send  it  to  spamfilter"  button,  you 
feed  example  of  spam  mails. 


Mail  successfully  sent  to  the  spamfilter 
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4.3.2.  e-Newsletters,  Alerts  ... 

Do  not  confused  junk  e-mail  with  a solicited  mail  such  as  e-l\lewsletters  or 
the  Google  Alert  below  to  which  it  is  necessary  to  subscribe. 


From:  Google  Alerts  <googlealerts-noreply@google.com> 

To:  PHIL@HSEMS.CO.UK 

Subject:  Google  Alert  - BP  SHARE  PRICE 

Date  Mon,  19  Jan  2009  16: 1 1 : 54  +0000 

Display  mail  in  a separate  window  (printer-friendly) 

Google  News  Alert  for:  BP  SHARE  PRICE 

FTSE  uo  on  comods  but  RBS  blunts  bank  bailout  boon 
guardian.co.uk  - UK 

Heavyweight  energy  stocks  added  most  points  to  the  index  as  the  price  of  crude  steadied  around  $36  a 
barrel.  BG  Group,  BP  and  Royal  Dutch  Shell  gained  ... 

See  all  stories  on  this  tonic 

Four  of  Mv  Favorite  Stocks 
Seeking  Alpha  - New  York.NY.USA 

1 own  stock  in  each  ofthese  companies  and  have  never  sold  a share.  1 look  to  add  to  my  positions 

when  1 think  the  piices  are  cheap 

See  all  stories  on  this  topic 

New  £200bn  bailout  for  UK  banks 
This  is  Money  - UK 

The  method  of  gambling  on  slmie  piice  falls  was  widely  blamed  for  a series  of  slumps  in  banks'  shoie 
prices  last  summer  and  autumn,  most  notably  at  HBOS.  ... 

See  all  stories  on  this  tooic 

Alliance  Meet  Alaska 
Alaskajournal.com  - Anchorage,AK,USA 

Soeakers  at  this  vear's  event  include  senior  executives  with  the  maior  North  Slooe  oroducinq 

Nevertheless,  emails  such  as  e-Newsletters  or  Alerts  can  often,  but  not 
always,  be  reported  to  your  Superuser  as  not-Interesting  e-mails.  As 
counterexample,  consider  the  following  e-Newsletter  from  a specialized 
website: 


From:  "alert@grc.ae"<alert@grc.ae> 

To:  lookman@gawab.com 

Subject:  Gulf  in  the  Media  News  Alert  - December  18,  2008 

Date  Thu,  18  Dec  2008  13:42:52  +0400 

Display  mail  in  a separate  window  (printer-friendly) 

H 

i i 

For  details  of  these  and  other  stories  on  the  Gulf,  log  on  to 

www.  gulfíntheme  dia.com 


Top  Headlines  December  18,  2008 


Bahrain  arrests  group  suspected  ofplannmg  attack 

□ 

A group  planning  a terrorist  attack  in  the  Gulf  state  of  Bahrain  has  been  arrested, 
the  state  security  authority  said  in  a statement  on  Wednesday.... 

H 

| 2:  | Bush  touts  relations  with  Pakistan,  Saudi  Arabia 

President  George  W.  Bush  said  on  Wednesday  he  is  leaving  to  his 
successor  a stronger  anti-terrorism  partnership  with  Pakistan  and  Saudi 
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Below  are  different  examples  of  notifications: 


From:  MAILER-DAEMON@flexweb01 1 .flexyz.com 

To:  carro@ryremsa.com 

Subject:  failure  notice 

Date  3 Sep  2008  10:54:08  -0000 

Display  mail  in  a separate  window  (printer-friendly) 

Hi.  This  is  the  qrnail-send  program  at  flexweb011.flexyz.com. 

I'ro  afraid  I wasn't  able  to  deliver  your  message  to  the  following  addresses. 

This  is  a permanent  error;  I've  given  up.  Sorry  it  didn' t work  out. 

<mr@mikyair . com> : 

vdeliver:  Invalid  or  unknown  virtual  user  'mr' 

Below  this  line  is  a copy  of  the  message. 

Return-Path:  <carro@ryremsa. com> 

Received:  (qmail  16525  invoked  from  network) ; 3 Sep  2008  10:54:08  -0000 

Received:  from  unknown  (HELO  flexfilter.flexyz.com)  (212.45.52.159) 
by  0 with  SHTP;  3 Sep  2008  10:54:08  -0000 
Received:  from  localhost  (localhost  [127.0.0.1]) 

by  flexfilter.flexyz.com  (Postfix)  with  ESHTP  id  947E7BF5B1 
for  <mr@mikyair . com>;  Wed,  3 Sep  2008  12:54:27  +0200  (CEST) 

Received:  from  flexfilter.flexyz.com  ([127.0.0.1]) 
by  localhost  (flexfilter.flexyz.com  [127.0.0.1])  (amavisd-maia,  port  10024) 
with  ESHTP  id  25446-09  for  <mr@mikyair.com>; 

Wed,  3 Sep  2008  12:54:11  +0200  (CEST) 

Received:  from  [193.201.166.101]  (unknown  [193.201.166.101]) 

by  flexfilter.flexyz.com  (Postfix)  with  ESHTP  id  3045ABF936 
for  <mr@mikyair.com>;  Wed,  3 Sep  2008  12:54:10  +0200  (CEST) 

Hessage-ID : <000601c90db3 $07445386$f 498a9a90wgbnpy> 


From:  Unknown  (see  above) 

To:  Unknown  (see  above) 

Display  mail  in  a separate  window  (printer-friendly) 

This  is  the  mail  system  at  host  gb 0 1 3 5mta0 1 . mail.  slb . c om. 

I'm  sorry  to  have  to  mform  you  that  your  message  could  not 
be  delivered  to  one  or  more  recipients.  It's  attached  below. 

For  further  assistance,  please  send  mail  to 

Ifyou  do  so,  please  include  this  problem  report.  You  can 
delete  your  own  text  from  the  attached  retumed  message. 

The  mail  system 

<cnchards@ssafara.net>:  message  size  8234003  exceeds  size  limit  5222400  of 
server  ssa.mail.  slb.comr  199.6.196.60] 
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4.3.4.  Placeholder  in  a message 


To  protect  your  privacy  from  junk  e-mail  senders,  some  e-mail  client  such 
as  Microsoft  Office  Outlook  are  configured  by  default  to  block  image 
downloads  from  the  Internet.  Then,  a blocked  image  appears  as  a 
placeholder  indicating  an  image  can't  be  displayed. 


From:  Unknown  (see  above) 

To:  Unknown  (see  above) 

Display  mail  in  a separate  window  (printer-friendly) 
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Make  20%  Yields  from  Our  Vegetable 
Economy 

By  Tom  Dyson 

Traders  called  it  the  "Greenspan  Put." 

During  the  1980s  and  1990s,  the  Federal  Reserve  adopted  an  unofficial 
"bailout"  policy.  Whenever  a crisis  occurred,  Fed  Chairman  Alan  Greenspan 
would  cut  interest  rates  and  inject  billions  of  dollars  of  extra  credit  into  the 
system.  This  "re-juiced"  the  markets,  making  them  rise  again. 

Traders  buy  put  options  to  protect  themselves  from  catastrophe.  Put  options  Gojd  may  average  higher  for  each  of 
are  like  insurance.  With  the  Greenspan  Put  in  place,  traders  felt jcomfortable  the  next  three  years  and  c|imb  t0  a 
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